|
220551
|
6.1 |
MEDIUM
Network
|
kinagacms_project
|
kinagacms
|
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5926
|
2024-11-21 13:45 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220552
|
9.8 |
CRITICAL
Network
|
netapp
|
service_processor
|
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-5490
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220553
|
7.8 |
HIGH
Local
|
artifex
fedoraproject
canonical
debian
opensuse
redhat
|
ghostscript
fedora
ubuntu_linux
debian_linux
leap
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_tus
enterprise_linux…
|
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
|
NVD-CWE-noinfo
|
CVE-2019-6116
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220554
|
7.5 |
HIGH
Network
|
matrix
fedoraproject
|
synapse
fedora
|
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers …
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2019-5885
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220555
|
8.1 |
HIGH
Network
|
splunk
|
software_development_kit
|
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.
|
CWE-295
Improper Certificate Validation
|
CVE-2019-5729
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220556
|
9.8 |
CRITICAL
Network
|
portier
|
portier
|
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreove…
|
CWE-327
CWE-522
Use of a Broken or Risky Cryptographic Algorithm
Insufficiently Protected Credentials
|
CVE-2019-5723
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220557
|
9.8 |
CRITICAL
Network
|
portier
|
portier
|
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the sea…
|
CWE-89
SQL Injection
|
CVE-2019-5722
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220558
|
5.3 |
MEDIUM
Network
|
broadcastboxes
|
scion-8_firmware
|
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the …
|
NVD-CWE-noinfo
|
CVE-2019-5616
|
2024-11-21 13:45 |
2019-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220559
|
5.4 |
MEDIUM
Network
|
dradisframework
|
dradis
|
Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to in…
|
CWE-79
Cross-site Scripting
|
CVE-2019-5925
|
2024-11-21 13:45 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220560
|
8.8 |
HIGH
Network
|
rednao
|
smart_forms
|
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
|
CWE-352
Origin Validation Error
|
CVE-2019-5924
|
2024-11-21 13:45 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
